As the field of artificial intelligence (AI) and machine learning (ML) continues to evolve at a rapid pace, developers are always on the lookout for new tools to simplify their work with large language models (LLMs). Open-source libraries and packages are central to this progress, but this convenience comes with hidden risks. Malicious actors are now exploiting the popularity of LLM research to spread malware through seemingly useful npm packages. One such package, ‘llm-oracle’, presents itself ...